<?php
/**
 * Created by PhpStorm.
 * User: Administrator
 * Date: 2016/2/12 0012
 * Time: 23:45
 */
header("Content-type:text/html;charset=utf-8");
mysql_connect("localhost","root","321abcD");

mysql_query("set names 'uf8' ");
mysql_select_db("mm");
@$username=$_POST['username'];
@$pass=$_POST['pass'];

@$query=mysql_query("select `username`,`userflag` from `users` WHERE `username`='$username' and `pass` ='$pass'")
or die("查询失败");

//print_r(mysql_fetch_assoc($query));

if($row = mysql_fetch_array($query))
{
    session_start();
    //判断权限
    if($row['userflag'] == 1 or $row['userflag'] == 0){
        $_SESSION['username'] = $row['username'];
        $_SESSION['userflag'] = $row['userflag'];
        echo "<a href='admin.php'>欢迎访问</a>";
    }else{
        echo "userflag不正确";
    }

}else{
    echo "错误<a href='index.html'>首页</a>";
}